Crackers and Worms
Root Boy Jim
rbj at nav.icst.nbs.gov
Fri Nov 18 02:17:21 AEST 1988
? From: Rahul Dhesi <dhesi at bsu-cs.uucp>
? Date: 12 Nov 88 20:46:57 GMT
? Keywords: bug reality
? In article <14505 at mimsy.UUCP> chris at mimsy.UUCP (Chris Torek) writes:
? >Actually, you get a `daemon' shell---not as bad, but, as Keith put it,
? >`not my idea of a good time'.
? But at's jobs to be executed are owned by daemon, so isn't being daemon
? just a trivial step away from being root? Somebody mentioned this
? earlier and nobody contradicted him.
? --
? Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi
So who uses `at'? Maybe you like batch? On our sun, a daemon user could
tamper with the line printer queues and delete all the log files. Perhaps
worst of all is that /usr/etc/in.syslog is writable by daemon.
I'm sure there are other holes.
(Root Boy) Jim Cottrell (301) 975-5688
<rbj at nav.icst.nbs.gov> or <rbj at icst-cmr.arpa>
Crackers and Works -- Breakfast of Champions!
More information about the Comp.unix.wizards
mailing list